Giters

django / daphne

Django Channels HTTP/WebSocket server

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Daphne SSL certs failing

patientplatypus6 opened this issue · comments

commented

Running

daphne -e ssl:443:privateKey=./yourdomain.pem:certKey=./yourdomain_public.pem lightchan.asgi:application

results in

(env) pweyand@pweyand-ThinkPad-E15:~/NEST/lightchan/lightchan/backend/lightchan$ ./run.sh 
inside the ready function
2022-02-27 16:48:45,426 INFO     Starting server at ssl:443:privateKey=yourdomain.pem:certKey=yourdomain_public.pem
2022-02-27 16:48:45,427 INFO     HTTP/2 support enabled
2022-02-27 16:48:45,427 INFO     Configuring endpoint ssl:443:privateKey=yourdomain.pem:certKey=yourdomain_public.pem
Traceback (most recent call last):
  File "/home/pweyand/.local/bin/daphne", line 8, in <module>
    sys.exit(CommandLineInterface.entrypoint())
  File "/home/pweyand/.local/lib/python3.8/site-packages/daphne/cli.py", line 170, in entrypoint
    cls().run(sys.argv[1:])
  File "/home/pweyand/.local/lib/python3.8/site-packages/daphne/cli.py", line 285, in run
    self.server.run()
  File "/home/pweyand/.local/lib/python3.8/site-packages/daphne/server.py", line 123, in run
    ep = serverFromString(reactor, str(socket_description))
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/endpoints.py", line 1779, in serverFromString
    nameOrPlugin, args, kw = _parseServer(description, None)
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/endpoints.py", line 1703, in _parseServer
    return (endpointType.upper(),) + parser(factory, *args[1:], **kw)
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/endpoints.py", line 1436, in _parseSSL
    privateCertificate = ssl.PrivateCertificate.loadPEM(certPEM + b"\n" + keyPEM)
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/_sslverify.py", line 632, in loadPEM
    return Class.load(
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/_sslverify.py", line 612, in load
    return Class._load(data, format)._setPrivateKey(privateKey)
  File "/home/pweyand/.local/lib/python3.8/site-packages/twisted/internet/_sslverify.py", line 452, in load
    return Class(crypto.load_certificate(format, requestData), *args)
  File "/home/pweyand/.local/lib/python3.8/site-packages/OpenSSL/crypto.py", line 1962, in load_certificate
    _raise_current_error()
  File "/home/pweyand/.local/lib/python3.8/site-packages/OpenSSL/_util.py", line 55, in exception_from_error_queue
    raise exception_type(errors)
OpenSSL.crypto.Error: [('PEM routines', 'get_name', 'no start line')]

The start lines for OpenSSL are valid

(env) pweyand@pweyand-ThinkPad-E15:~/NEST/lightchan/lightchan/backend/lightchan$ cat yourdomain_public.pem 
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwStU6BsF/kxkV1qvICpQ
Z7ReKewrFEoRaBeb/eFPHdqAK7ohEBRbafbJCGGWwKIfx9fjVRkL1xjoE6KtU92t
1Sw1VU1tpLLdpCzMRbsf6cVvCgJcLypyOxfjxKojfvBwfAAFa4Q/dlqqfJuMu2wv
8ooIy/xvRXv6Ltgu8zsmewZcw3CaxXfiE6OeGXjiQFynxVj/mfjoHgfoxN+UCxRE
79F6rP4lStZe+LG/+MsayfCzclDEl16UPh3c7ihQORg9UASa69nd69JXLQa4DxIN
3hC5Z9ue5SQJ0n6KNL7vJ5T7CvstRbTajray0mYVBFuQ6jPm6a9TXWvZeAhGIOGs
wQIDAQAB
-----END PUBLIC KEY-----

(env) pweyand@pweyand-ThinkPad-E15:~/NEST/lightchan/lightchan/backend/lightchan$ cat yourdomain.pem 
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEAwStU6BsF/kxkV1qvICpQZ7ReKewrFEoRaBeb/eFPHdqAK7oh
EBRbafbJCGGWwKIfx9fjVRkL1xjoE6KtU92t1Sw1VU1tpLLdpCzMRbsf6cVvCgJc
LypyOxfjxKojfvBwfAAFa4Q/dlqqfJuMu2wv8ooIy/xvRXv6Ltgu8zsmewZcw3Ca
xXfiE6OeGXjiQFynxVj/mfjoHgfoxN+UCxRE79F6rP4lStZe+LG/+MsayfCzclDE
l16UPh3c7ihQORg9UASa69nd69JXLQa4DxIN3hC5Z9ue5SQJ0n6KNL7vJ5T7Cvst
RbTajray0mYVBFuQ6jPm6a9TXWvZeAhGIOGswQIDAQABAoIBAQCezHR8atq+dyZ1
+YLGOoLm/gv7Ar9Xapxsqhv+1d4oeJutVtIfWdzce5hAX5mCusTNkNi9+F0Xcs42
diFvNGnXOQSPH5vnLXOvp3Q2TuKpVzk1TUNjMs29bqI75nJPxHF0PsA15v4U2ewV
i/phiUrRZFBfASKoSIcfQ3E1W4cC0oZj8DSQGWeM/TEKz6wZ2b71MlkPdkqagG2l
snoG3jIj8CFWaOxTOgCYDI3pgBlEb+86cLet9r5MiMyk/meRtZ0JkRvbJhi/FKky
YEWjnqUr4pRjC7wnL1VE9Oq3ZVZmyX8n5RZJaDGYstkRFo669DB5kZnY00s37RNc
eT8ATcXBAoGBAOSmGTIvDRy1+r2wTKIZIwZybEvR/HzsE+086Hb2WDfi01tT4avp
oDSy0qxUfJ26mJgdINHoIQXUt5n6j6QchYAsESQidDrlFf5/6BuE+6W9Fa7mYn1V
vXz06hnxotWIFiqmHXrp9HJAkgzPiv1DGCj3cgKF8a+UICbQEap0uRJNAoGBANhG
vpfRSkpTIGFonkbCoiTHVXmX5wHp7DBqmXgnfje6vYNPjyWiytXuTXBTyPkTVHCp
QPfD+/G5hD+UMA6pC6B2npybz1VDwl7DT/PbNNUjgnsX2lWucNmEj77Vf5dVByiA
hPuFoV/X0y2Ccu/8ZeMB+Mk3t091K8oG4SIUcbZFAoGBAKmn5UIrT1tiXC6rxfDx
HeAGvvxzTxmSQibh7st2dnbhQ1qcnvJkY482sMNV3TFb5yXXVybpSrd84s7J8BMh
Zp14FS/usLeSjANO/PaOcfrElnY0VBgTqooxYBLoDJ7MX0Y+A9nUBqFP8A65YLQT
OLYNBPeCU5aoHkMuWC1WdoxxAoGBAJphXVlHhw0o6zs9D4YZFt7D/yqNmNNP5E3n
Oed/4WPsg6zA1MCbxMgSk+pzlEjfWG4XEw4JMsWolFNB90/vsSH4ql3GBqipdoxo
RKEgP0VJVLGDJFH29A0AyA8DnVEr27E4lDRqfffJOrAIpvzRoPT7Cliv0cUBMaHD
aV8HUug1AoGBAIOx/+nEhn+fddwUF0dmYNGx9qJw27oenA1Ynty5vXaQKzU/TOw3
WsCV+8p4rMZ7vDOmDjMHYOcSACx6vYl5KCIXdWXv9HevQ/2NTHGaNUWYQHxyE9/Z
5emHnx0lSsCoSoBPNKhrUQoP6MROMeSPW8KOsMCTMpd1HPv38nDRoqBw
-----END RSA PRIVATE KEY-----

...and are located in the current directory. Why isn't this working?

EDIT:

daphne -b 0.0.0.0 -p 8001 lightchan.asgi:application

Works as expected, so it's not that the application can't find the asgi or the asgi is somehow misconfigured.

commented

It's not sufficiently clear that there's an error with Daphne here.